Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8020424

The NSS version should be detected before running crypto tests

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 8
    • Component/s: security-libs
    • Labels:
      None
    • Subcomponent:
    • Resolved In Build:
      b102
    • CPU:
      generic
    • OS:
      linux, solaris_10
    • Verification:
      Verified

      Backports

        Description

        Many PKCS11 tests, in particular EC ones, have intermittent failures due to the NSS version on the test machine being old or not supporting the full elliptic curve suite (ECC Basic vs ECC Extended vs none at all).

        The most common error one will see returned from PKCS11 is CKR_DOMAIN_PARAMS_INVALID from EC tests. Others are one-off bugs in NSS that were fixed in later NSS versions. While it would be nice to have all the NSS version up-to-date, it's a reality that these failures will occur in the community and it's best the tests are smarter rather than having to explain the problems over and over.

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                ascarpino Anthony Scarpino
                Reporter:
                ascarpino Anthony Scarpino
                Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved: